My query script thinks that dnssec-trigger has a script or trigger that directly enables a systemd unit using 'systemctl enable'. It probably should not. Please update this packages to use the macroized scriptlet (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd). If your package has an exception from FESCo permitting it to enable itself, please make sure that the service in question is listed in the appropriate preset file. There is a general exception described here: https://fedoraproject.org/wiki/Starting_services_by_default If your package falls under the general exception, then it is possible that no change is required. Nevertheless, if you are relying on the exception, please make sure that your rpm scripts are sensible. The exception is: In addition, any service which does not remain persistent on the system (aka, it "runs once then goes away"), does not listen to incoming connections during initialization, and does not require configuration to be functional may be enabled by default (but is not required to do so). An example of "runs once then goes away" service is iptables. Given that this issue can affect Fedora 20 users who install your package as a dependency, this bug should be fixed in Fedora 20 and Rawhide.
Yep, I know about this "feature" and I don't like it either but we did that as a temporary measure before NetworkManager is capable of rewriting /etc/resolv.conf on request. While the easiest solution is just to remove the call to systemctl, it will leave the network in a half-configured state after 'systemctl stop dnssec-triggerd'.
Just in case... is 'systemctl try-restart' (which is being used here) not acceptable at least as a temporary solution?
I think my query script queried too old a version of dnssec-trigger. I don't see a problem right now. The spec file could probably still be simplified by using %systemd_postun_with_restart, but I don't think there's an actual bug. Sorry. Feel free to close this if you don't want to make any changes.
Also, if you are actually doing something complicated here, asking FESCo's opinion might be a good idea. I'm not any kind of authority here; I just got annoyed at finding a bunch of packages that were clearly and erroneously enabling themselves.
(In reply to Andy Lutomirski from comment #3) > I think my query script queried too old a version of dnssec-trigger. I > don't see a problem right now. Thanks! > The spec file could probably still be simplified by using > %systemd_postun_with_restart, Current master and f20 branch: %postun· %systemd_postun_with_restart %{name}d.service > but I don't think there's an actual bug. > Sorry. Feel free to close this if you don't want to make any changes. Sure. Thank you for your effort.